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DETAILED ACTION 

1 . This action is responsive to communications filed 9/28/2006. 

2. Claims 1-21, 33 and 34 are pending in the case. Claims 22 to 32 are cancelled by 
the applicant. Claims 33 and 34 are new. 

Response to Arguments 

3. In section titled "Interview Summary", applicants have stated that during the 
interview dated September 22, 2006, all parties agreed that Rothermel did not mention 
or suggest a security policy that is configurable to be simultaneously implemented for a 
plurality of computer devices within the distributed security system, wherein at least a 
first computer device within the distributed security system operates on an operating 
platform that supports at least one security protocol that is different than a security 
protocol supported by a platform of at least a second computer device among the 
plurality of computer devices. This statement is false, as Examiner did not agree that 
Rothermel does not suggest the mentioned limitation. As indicated by Examiner's 
Interview Summary, the agreement made was that applicants would amend claim 1 . 

Rothermel does suggest the limitations of claim 1 as amended. Fig. 1, shows multiple 
NSDs connected to a Supervisor/Host device, providing the platform to distribute 
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security policies simultaneously. In, col. 1, line 46 to col. 2 line 8, Rothermel clearly 
shows that configuration of large number of different devices is indeed a requirement for 
successful network security management. In col. 13 line 30 to col. 14 line 45, Rothermel 
describes an example embodiment using a Linux operation system. Column 14, lines 
41-45 clearly indicate that Rothermel's system works with Linux and Operating Systems 
other than Linux . Each NSD works with software components that are configured in the 
device (col. 14, lines 1-12). A variety of other optional software components can be 
provided to and executed by an NSD (column 14, lines 31-33). Therefore, Rothermel 
suggests simultaneous configuration of different NSDs running different operational 
platforms. 

Applicants' arguments are not persuasive in light of the above discussion and the 
following rejections. 



Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
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5. Claims 1, 2, 3, and 5 to 19, 32 and 34 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Rothermel (U.S. Patent No. 6678827). 

5.1 . As per claim 1 , Rothermel is directed to a distributed security system (Fig. 1 and 
column 4 line 63 to column 5 line 13) comprising: 

a security policy written in a security protocol independent (column 7 line 3 to 57 
disclose that the Security Policy Manager Device allows a user to create a 
security template independent of security protocols running in NSDs. The 
template will be configured based on NSD protocols to create a security policy 
compatible with NSD, once the template is loaded on NSDs. Therefore the 
security policy language used at the Security Policy Manager Device must be 
independent of the security protocols of NSDs) policy language (column 4line 65 
to column 5 line 3), wherein the security policy is configurable to be 
simultaneously implemented for a plurality of computer devices within the 
distributed security system, wherein at least a first computer device within the 
distributed security system operates on an operating platform that supports at 
least one security protocol that is different than a security protocol supported by a 
platform of at least a second computer device among the plurality of computer 
devices (col. 13 line 30 to col. 14 line 45) wherein the first and second computer 
devices process the data in accordance with security policy of the distributed 
security system (Fig 2 and column 8 line 49 to 65). 
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5.2. As per claim 2, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy identifies the components of the security system (column 5 
line 14 to 25). 

5.3. As per claim 3, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy identifies the access rights of the security system (column 1 1 
line 18 to 45). 

5.4. As per claim 5, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy is configurable (column 7 line 25 to 37). 

5.5. As per claim 6, Rothermel is directed to the distributed security system of claim 
1 , wherein: 

the security policy language comprises at least some logic based components. 
As shown in Fig. 3G and column 1 1 line 45 to 60, the security policy creation 
template allows the manager to select network security information using radio 
buttons. Radio buttons corresponds to XOR logic. Therefore, the Examiner 
asserts that Rothermel policy templates include logic-based components. 
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5.6. As per claim 7, Rothermel is directed to the distributed security system of claim 
1 , wherein: 

the security policy language comprises at least some rule-based components. 
As shown in Fig. 3D-F and column 1 1 line 9 to 45, the security policy creation 
template allows the manager to set the access rules for ping services. Therefore, 
the Examiner asserts that Rothermel policy templates include ruled-based 
components. 

5.7. As per claim 8, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy language comprises procedural components. As shown in 
Fig. 3B and column 10 line 24 to 45, a security policy is created based on a 
procedure of using the policy template and completion of the policy by including 
network topology attributes. Therefore, the Examiner asserts that Rothermel 
policy templates include procedural components. 

5.8. As per claim 9, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the computer device is configured with computer-executable instructions to: 
receive from the first entity a message formatted in a first protocol and transmit to 
second entity the message formatted in the second protocol that is different from 
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the first protocol (Fig. 6 and column 13 line 30 to 67, and Fig 6 column 13 line 30 
to column 14 line 50) 

5.9. As per claim 10, Rothermel is directed to the distributed security system of claim 
9, wherein: 

the computer device is configured with computer-executable instructions to: 
receive from the first entity a message transported with a first transport; and 
transmit to second entity the message formatted in the second transport that is 
different from the first transport (column 16 line 48 to 62, and Fig 6 column 13 
line 30 to column 14 line 50) 



5.10. As per claim 1 1 Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy is implemented in at least one application programming 
interface (column 13 line 42 to 67). 

5.1 1 . As per claim 12 Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security language includes programming language constructs (column 13 line 
42 to 60). 
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5.12. As per claim 13 Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy includes an identify service (Fig. 6 item 640 and column 13 
line 45 to 50). 

5.13. As per claim 14, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy includes an admission service (Fig. 6 item 630, the firewall will 
block or admit packets) 

5.14. As per claim 15 Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy includes a permission service (Fig. 3d and column 1 1 line 9 to 
15). 

5.15. As per claim 16 Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy includes a revocation service. As indicated in Fig. 3F, the 
security policy can be configured to allow or disallow a user to access a certain 
service, such as Ping. Changing the policy to disallow a user to continue 
accessing a service is analogous to revocation of a right, and therefore works as 
a revocation service. 
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5.16. As per claim 17 Rothermel is directed to the distributed security system of claim 

4 

1, wherein: 

the security policy includes a mapping of entities to rights. As described in Fig. 
3B and column 10 line 27 to 65, the policy is created based on security template 
and attributes of each entity. One of the attributes of each entity is its rights. 
Therefore, a policy is created based on the rights of each entity. This discloses 
the feature. 

5.17. As per claim 18, Rothermel is directed to the distributed security system of claim 
17, wherein: 

the security policy further includes a mapping of entities to capabilities. As 
described in Fig. 3B and column 10 line 27 to 65, the policy is created based on 
security template and attributes of each entity. One of the attributes of each entity 
is its capabilities. Therefore, a policy is created based on the capabilities of each 
entity. This discloses the feature. 

5.18 As per claim 19, Rothermel is directed to the distributed security system of claim 
1, wherein: 

the security policy is configured to invoke external computer-readable 
instructions (Fig. 6 and column 13 line 30 to 50). 



Application/Control Number: 10/068,444 Page 10 

Art Unit: 2132 



Claim Rejections - 35 USC § 103 
6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



7. Claims 4, 20 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rothermel as applied to claim 1 above, and further in view of Saulpaugh (U.S. 
Patent No. 6850979). 



7.1 As per claim 4, Rothermel is directed to the distributed security system of 
claim 1 , however, it does not include the specific limitation of security policy 
language comprises the extensible markup language. Saulpaugh teaches a 
method for creating message gates, useful for controlling the level of security 
access the client has to the services (column 7 line 36 to 55). Saulpaugh 
introduces the benefits of using extensible markup language (XML) to create 
messages gates (column 7 line 19 to 36, column 15 line 62 to column 16 line 35). 



Rothermel and Saulpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed 
network elements and devices. 
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At the time of invention, it would have been obvious to a skilled person in the art 
to improve the way that Rothermel distributes security policies between the 
security manager and the security devices (which in essence, is exchanging a 
message) using XML comprised message gates as directed by Saulpaugh. 

The motivation to do so would have been to improve the security of policy 
exchange between the security policy manager and network security devices 
using a standard message exchange language that is interoperable among 
multiple platforms. 

Therefore, it would have been obvious to use XML to create and exchange 
security policies. 

7.2. As per claim 20, Rothermel is directed to the distributed security system of claim 
19, however, it does not include the specific limitation of external computer 
readable instructions comprise native process code. Saulpaugh teaches a 
method for creating message gates, useful for invoking programs in computer 
native language (column 14 line 29 to 42). 

Rothermel and Saulpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed network 
elements and devices. 
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At the time of invention, it would have been obvious to a skilled person in the art 
to improve the distributed security system of Rothermel to be capable of invoking 
programs in computer native language, as described by Saulpaugh. 



The motivation to do so would have been to extend the system's range of 
interoperability to include systems working with machine native language. 



7.3. As per claim 21 , Rothermel is directed to the distributed security system of claim 
19, however, it does not include the specific limitation of external computer 
readable instructions comprise Java code. Saulpaugh teaches a method for 
creating message gates, useful for invoking programs in Java code (column 14 
line 29 to 42). 

Rothermel and Saulpaugh are analogous art because they are both related to 
distributed security systems and secure exchange of data between distributed network 
elements and devices. 



At the time of invention, it would have been obvious to a skilled person in the art 
to improve the distributed security system of Rothermel to be capable of invoking 
programs in Java code, as described by Saulpaugh. 
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The motivation to do so would have been to extend the system's range of 
interoperability to include systems working with Java code. 

8. Limitations or claims 33 and 34 are substantially the same as claim 1 above. 



Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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